Sure, AutoFocus is being sunset in favor of Cortex XSOAR Threat Intel Management (TIM).
Essentially, during a security incident, it's hard to investigate and operationalize data, and to get questions answered like "Is this a targeted attack or a generalized script? Who is the perpetrator, and how do we stop them? What assets are at risk, and where are attacks coming from and going to?" All of that is in a centralized place. Find that overview here.
MineMeld is a free tool that collects data and aggregates it into lists. For example, if you wanted to write a rule that allowed traffic using application "Facebook" only to known Facebook IPs, MineMeld will be able to scrape those and output them into an EDL for the NGFW to ingest.
MineMeld is still community supported here on LiveCommunity, so you can use it to build your custom lists and import threat feeds, if you choose.
We also maintain some of our own lists here. With a Threat Prevention subscription, we give you 4 different EDLs specific to threat as well.
Just as an FYI, the MineMeld image hasn't gotten updated in quite a long time. You could continue to utilize the Docker image and properly isolate it to become less of an issue, but it's still pretty outdated.
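As an added illustration of the aggregation step described above (not part of the original replies and not MineMeld's own code), this Python sketch merges two feeds into a one-entry-per-line IP list of the kind an EDL consumer reads. The feed contents, the function names and the `MIN_PREFIX` guard against overly broad entries are assumptions made for the example.

```python
import ipaddress

# Constructed sample feeds using documentation ranges, not real service IPs.
FEED_A = """\
# feed A
192.0.2.0/25
192.0.2.128/25
198.51.100.7
"""
FEED_B = """\
198.51.100.7
203.0.113.0/24
2001:db8::/32
not-an-ip
0.0.0.0/0
"""

# Assumed guard: an allow list containing a prefix broader than this is
# treated as a feed error, since it would match far more than intended.
MIN_PREFIX = {4: 8, 6: 16}


def parse_feed(text):
    """Return (networks, rejected_entries) for one feed body."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(entry)
            continue
        nets.append(net)
    return nets, rejected


def build_edl(*feeds):
    """Merge feeds, deduplicate, collapse adjacent ranges, emit list text."""
    nets, rejected = [], []
    for feed in feeds:
        parsed, bad = parse_feed(feed)
        nets += parsed
        rejected += bad
    # collapse_addresses cannot mix IPv4 and IPv6, so handle each family.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    lines = [str(n) for n in list(v4) + list(v6)]
    return "\n".join(lines) + "\n", rejected
```

Logging the rejected entries rather than silently dropping them makes a malformed or poisoned upstream feed visible before the list reaches the firewall.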